I’m really loving Octopi. Especially on the Fold since I can have multiple layouts. The stackable widgets are really nice too.

https://play.google.com/store/apps/details?id=com.otp.octopilauncher

deleted by creator

Yep that’s how my desktops and servers are set up. I only recently started adding the TPM PIN to my laptops for a bit of extra protection from cold boot / evil maid attacks.

given that Secure Boot prevents any modification of your computer’s boot chain

Secure Boot does no such thing. All it does it require that everything in the boot chain is signed by a trusted cert.

Binding TPM PCR7 to FDE (or more brittle options like 0+2+4) is really what protects against boot chain modifications but that’s another topic.

Disabling SB to install the distro, then re-enabling it once installed with either maintainer-signed shim or self-signed UKI/bootloader is perfectly fine.

You need both FDE and Secure Boot, ideally with FDE using a TPM with PIN and PCR 7+15=0. FDE without SB can be trivially boot-kitted and obviously SB without FDE is mostly pointless. Maybe for a server/desktop behind locked doors you don’t worry as much, but for a laptop you absolutely should. Also it’s really easy in Arch to resign the UKI with sbctl via a pacman hook whenever the kernel is updated so there’s no good reason not to use it.

If you’re relying on a LUKS password only, it can be brute-forced. To protect against that you need a decently long password which is annoying to type every boot. A short TPM PIN sealed by SB protecting LUKS is both more convent and more secure.

Finally, if an attacker or malware gets root, FDE isn’t protecting you either.

Yeah this is an issue but not a big one. Most distro’s installation media don’t use shim so you have to disable SB during install anyway.

And installing the 2023 KEK and db certs can be done via firmware without much trouble or you can use sbctl in setup mode which I believe has both the 2011 and 2023 keys.

If you dual boot Windows you’ll want to update it to the new bootmgr signed with the 2023 keys and add the 2011 certs to dbx to protect against BlackLotus or let Windows do it via patches+regfixes.

Also know that any changes to PK, KEK, dB, or dbx will change the PCR 7 measurement so handle that accordingly if you use TPM unlock for FDE.

It’s unlikely since it uses the field ID and not the text, so it wouldn’t know which question went with which answer.

It’s so rarely needed to actually use these anyway, that it’s a non-issue IMO. You should never opt to use security questions as they are terrible from a security standpoint. This is just for when they are required by stupid websites.

Most DNS queries are UDP.

I’d do a modified scream test and change old.domain to something like 1.2.3.4. Then run sudo netstat or ss with -tpn, grepping for 1.2.3.4.

Or something like grep -r old.domain /etc.

Yeah, that too.

While I’m not 100% certain it’s not just confusing perspective, it does appear that the slope rise is shorter than the run, suggesting that this is from the top of the stairs.

Yep, that would work fine for the first line of defense. Eventually, you can expand it to copy, replicate, or drive swap the onprem backups offsite somewhere (e.g., cloud, office, or family member) if you want to protect your data from site loss (e.g., house fire).

The only thing missing is a good backup.

If you are storing anything important – especially Immich and Vaultwarden data – you should have a good offsite protection strategy. And even the HASS config should be backed up with versioning because rebuilding from scratch could be painful once you get deep into it.

I’ll let others chime in on possible good backup options because I use Veeam and Azure, which really isn’t in the spirit of this community, and I’d be interested in good open source options myself.

Also, RAID (mirroring) is NOT a backup.

Lol Microsoft is not even close to a walled garden. This is just them removing the password manager feature that nobody used from their authenticator app.

Also it was black on red to make it harder to photocopy. I remember my mom being proud that she’d used the filters on the fancy copier she had at work to copy this sheet.

It’s not exactly clear what the main goal is here and it sounds like a bad idea on first glance after reading your last paragraph. But it sounds like you might be looking for mandatory profiles.

https://learn.microsoft.com/en-us/windows/client-management/client-tools/mandatory-user-profile

But now that I read it again I think you might be conflating users/profiles with sessions. In which case no, this is neither possible nor a good idea. But it still might be okay with mandatory profiles if the device and app works the same from multiple sessions.

Anyway, you might get better answers if you state the full problem, including details on software and device, not just your proposed solution.

https://xyproblem.info/

The easiest way that doesn’t affect the main network would be to use a travel router. Its WAN IP would be the private IP it gets from the main network (over wireless since that’s your only option). And it would NAT your network onto that IP and then you can do whatever you want on your network.

I’m not sure if that Mikrotik router will do this but it might. You basically need something that can connect to an SSID and use that interface as its WAN interface. The wireless factor here is really limiting your choices. If you had a wired uplink to the main network you could use any router/gateway/firewall you wanted. You could also use an AP in bridge mode to connect to the main network’s SSID and wire it to the WAN port of any router of your choice.

You don’t really need to use VLANs to separate your network from the main network unless you want to share any of the same layer 2 segments (basically wired Ethernet) while keeping it isolated. But it doesn’t really sound like that applies in your scenario. Of course using VLANs within your network would still make sense if that applies (for example, to separate your server traffic from your IoT traffic).

They’re only killing the crappy store/UWP version that nobody used anyway and only caused confusion. The normal OneNote bundled in Office isn’t going anywhere as far as I know.

That said, I’ve moved a lot of my note taking to Obsidian. It’s not a perfect replacement but it’s a fantastic markdown editor and now I use both for different use cases.

Woosh?

What a dummy!

I heavily use both and this is objectively untrue.